99% of computers out there shouldn't have an issue with it polling the servers to generate the list. Hell, even Windows won't have any issue unless your DNS stack is already close to full, and you leave the list open for several minutes. (Which is a Windows issue, and not a client issue.)
How would you want that feature to work?
Providing command line parameters with the Steam client's game-option page?
Creating manual desktop shortcuts?
Having a 'join last played-on server' button in the main menu?
That last one would actually make sense to me.
Anyhow, if you really feel in danger just block the port the server browser uses and connect manually.
Do you have any source that this is how it works? I'd assume that the servers are listed either on Steam or on the 7DtD side.
Theoretically, one could DDoS-attack every server at the same time just by having a number of computers refresh the server list if it works as you think.
Most Co-op games in my library are like this. Killing Floor 2 - server browser shows you all games in progress and you pick one. Vermintide - matches you with a game in progress automatically (must search for available games to do so).
If you are concerned about traffic to a particular server that you suspect to be unscrupulous, or whose admin you personally don't like, then just make a rule in your firewall to not allow traffic to that IP and it won't matter what the game does. Takes about 10 seconds to do.
(And if you aren't using a configurable firewall then Unity engine is absolutely the least of your worries in the first place :)
This is one of the most sold games of all time. I think if there was a vulnerability that average Joe teenager could exploit we would know by now. If they haven't been detected in a decade of taking over machines, they are quite literally better than the NSA at it, and nothing you do will stop them. I wouldn't lose sleep over it.
I didn't say it was a "justification". Just an observation common in top 100 co-op games. Not like this game is doing something unusually "vulnerable".
This also means ANY part of the game could have a vulnerability every update. If you are going to make that assumption, then really make that assumption. And you are focusing on just the server list ping, oddly. Which is probably one of the simplest and least data transfer intensive things the game does. Which is why I suggested closing the hypothetical holes on your side at the firewall level. :)
You don't seem to understand what a vulnerability is. A vulnerability is a vulnerability. Maybe they accidentally introduce a vulnerability that responds to traffic even in client mode. You are the one making the assumption something gets accidentally introduced. It makes no sense to arbitrarily assume the particular server list vulnerability you are worried about is easy to exploit, but all others would be hard to exploit. You can't know that. They are all hypothetical vulnerabilities.
Interestingly, I was the one who already said it would be difficult to exploit. You are now basically agreeing with my earlier posts.
Someone here isn't. That's pretty clear. Don't think it's me though.
An RCE and buffer overrun exploit still requires a software vulnerability. If the client code is well written then it is very difficult or virtually impossible to exploit. If the client code has one corner case, then it might be difficult to exploit (such as expecting a particular data format or checksum which is hard to also squeeze executable code into in a valid format which gets processed). If it is a glaring broken weakness, then it would be easy. Point being, which you don't seem to grasp, you simply can not (repeat, can't, as in you cannot) assume you know ahead of time how easy or difficult to exploit some hypothetical non-existent vulnerability is compared to another. No matter how much you have convinced yourself you can. You are making an arbitrary assumption that one hypothetical vulnerability that doesn't exist is harder than another hypothetical vulnerability that doesn't exist.
If it helps, I sort of see what you are trying, somewhat clumsily, to get at. In some parts of the code, like receiving a packet, there could be more opportunities for a coder to make a mistake that introduces a weakness. We get that. Everyone gets that. But more opportunities to create a weakness doesn't mean all individual weaknesses of a certain type are necessarily easier to exploit than all weaknesses of another, or whatever weird conclusion you are leaping to. You just can't make that generalization.
At the end of the day, it's an online co-op game. Designed, like many other popular on-line co-op games, with a server browser. If security from hypothetical threats not yet known to exist is that much of a concern to you, I already suggested using your firewall in more than install and forget mode. You don't want to do that.
Peace bro.